CVE-2020-12861: Out-of-bounds Write in Sane Backends

Severity
8.8 HIGH (NVD)
OSV: 7.5
EPSS: 0.6% (top 30.83%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jun 24
Latest update: May 24

Description

A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-080.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (3 packages)

Ubuntu: sane-backends_project/sane-backends < 1.0.25+git20150528-1ubuntu2.16.04.3 +2
NVD: opensuse/leap 15.1, 15.2 +1

Also affects: Ubuntu Linux 16.04, 18.04, 20.04

Patches

🔴 Vulnerability Details (4)

GHSA: GHSA-hxcj-jfw4-p5vg: A heap buffer overflow in SANE Backends before 1 (2022-05-24)
OSV: sane-backends vulnerabilities (2020-08-24)
OSV: CVE-2020-12861: A heap buffer overflow in SANE Backends before 1 (2020-06-24)
CVEList: CVE-2020-12861: A heap buffer overflow in SANE Backends before 1 (2020-06-24)

📋 Vendor Advisories (3)

Ubuntu: sane-backends vulnerabilities (2020-08-24)
Red Hat: sane-backends: Heap buffer overflow in epsonds_net_read in epsonds-net.c (2020-05-17)
Debian: CVE-2020-12861: sane-backends - A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device ... (2020)

💬 Community (3)

Bugzilla: CVE-2020-12861 mingw-sane-backends: sane-backends: Heap buffer overflow in epsonds_net_read in epsonds-net.c [fedora-all] (2020-06-24)
Bugzilla: CVE-2020-12861 sane-backends: Heap buffer overflow in epsonds_net_read in epsonds-net.c [fedora-all] (2020-06-24)
Bugzilla: CVE-2020-12861 sane-backends: Heap buffer overflow in epsonds_net_read in epsonds-net.c (2020-06-24)